1.0 Field of the Invention
This invention relates to e-mail; and in particular, this invention relates to a time decayed dynamic e-mail address.
2.0 Description of the Related Art
Electronic mail, that is e-mail, has become the communication method of choice throughout the business world as well as for the general public. The rapid increase in the number of users of the Internet has made e-mail an attractive advertising medium. E-mail is now frequently used as the medium for widespread marketing broadcasts of messages to large numbers of e-mail addresses. Consequently, e-mail users are facing a growing problem of unsolicited mass e-mails. Unsolicited mass e-mail is typically defined as e-mail messages that are sent in very large quantities to as many recipients as possible, regardless of the desire of the recipients to receive those messages. Sending unsolicited mass e-mail messages is commonly known as spamming. Large service providers and corporations are particularly susceptible to this practice. The senders of unsolicited mass e-mail, hereafter called mass-mailers, typically not only ignore user requests to be removed from future mass mailings, they also typically gather e-mail addresses to sell to other mass mailers.
Mass-mailers collect e-mail addresses from several sources and through elaborate means. For example, mass-mailers collect e-mail addresses from the Internet. Recipients often post their e-mail addresses on web sites or in online forums, and mass-mailers collect the posted e-mail addresses with special tools called “address harvesters”. In another example, mass-mailers use promotional web sites to collect e-mail addresses. Some mass-mailers create a web site in which a user is enticed to enter their e-mail address for a chance to win a small prize, and their e-mail address is thereafter included in the mass-mailers' address lists. In yet another example, mass-mailers collect e-mail addresses from legitimate contact lists. Some companies periodically sell the names and e-mail addresses of potential prospects and mass-mailers purchase these e-mail addresses. Address and contact lists are also part of the assets that are liquidated when a company goes bankrupt. Mass-mailers buy these e-mail addresses and resell them to other mass-mailers.
Once an e-mail address has been included in the list used by a mass-mailer, typically that e-mail address will quickly be resold and used by many other mass-mailers. The recipient will receive an ever-larger amount of unsolicited e-mails. Such an e-mail address is then said to be compromised.
Protecting an e-mail address from being compromised through address harvesters and promotional web sites is relatively straightforward—don't post the e-mail address and don't give the e-mail address to unknown entities. However, there are needs and temptations that make this discipline unlikely for many users.
Typically, it is very difficult to protect an e-mail address from being purchased by mass-mailers as part of a legitimate contact list. Corporate workers must often give their e-mail address to contacts, suppliers, customers and other entities or persons outside their company, each of which can potentially disseminate the e-mail addresses and add them to mass-mailing lists.
The desire to reduce unsolicited mass e-mail has led to numerous technical solutions. Technical solutions include a number of filtering techniques as follows.
1. Filtering known senders. Blocking e-mails from particular e-mail addresses, that is, e-mail addresses of senders known to originate unsolicited e-mail, filters the unsolicited e-mail. This approach, however, is vulnerable to rapid changes in the e-mail address of the source of the unsolicited e-mail. The sources of the unsolicited e-mail can easily change their e-mail address because unsolicited e-mail is typically generated by automated means. For example, mass-mailers often automatically forge their sender address, that is, the “From:” field of an e-mail. Such approaches also typically require the set up and maintenance of a complex filtering mechanism which frequently becomes obsolete shortly after implementation as mass-mailers adjust to the new defenses.
2. Filtering all unknown senders. The filtering of all unknown senders is also referred to as “white listing”. Such filtering is not always practical because corporate recipients often receive e-mails from new contacts, after initiating communication through the phone or in person.
3. Filtering by detection. This filtering technique is also known as “message matching”. This method employs several e-mail addresses that are posted on the Internet for the express purpose of being harvested by mass-mailers and being compromised. The idea is that if these e-mail addresses receive a message, that message will be unsolicited e-mail, and all similar e-mail messages can be tagged as unsolicited e-mails. However, mass-mailers are sprinkling messages with random parts, adding or changing character strings in individual messages, which can defeat the message matching systems.
4. Filtering on content. Many unsolicited mass e-mails contain “trigger words” that can be detected by filtering software. For instance, the word “mortgage” is unlikely to show up in your professional e-mail if you aren't in the real estate business, but is frequent in unsolicited mass e-mail messages. Filtering e-mail on content can be quite efficient at detecting unsolicited e-mail. However, recent trends in unsolicited mass e-mails show that mass-mailers avoid trigger words by misspelling or altering them, for example, “m0rtgage” or m:or.t.gage” instead of “mortgage”, which decreases the filters' efficiency. Mass-mailers also fool naive filtering software by inserting comments within HTML messages to break trigger words (e.g., “mo<!--ZZZZ-->rtgage”). Note that this insertion of useless strings in the unsolicited mass e-mail messages tends to increase their average size.
5. Filtering by adapting. Adaptive filters can be taught to recognize the format and layout of unsolicited mass e-mail messages, which often rely on HTML formatting with several images. However, legitimate e-mails containing genuine press releases and newsletters are also just as likely to be filtered as unsolicited e-mail. In addition, mass-mailers have begun to send unsolicited e-mails with JavaScript encoding as well as e-mail entirely composed of one or more images, which are typically not filtered on content. These JavaScript-encoded and image-based unsolicited mass e-mail messages are of ever-increasing sizes.
6. Filtering at client location. Filtering e-mail at the client location also has problems. When filtering is performed at the client location, unsolicited mass e-mail is sent to the recipient's machine, only to be discarded by the recipient's mail agent. Meanwhile, the network connection of the recipient's machine is clogged by unsolicited e-mails. When the recipient downloads e-mail using a slow dial-up connection, such as when the recipient is away from a corporate office equipped with high-speed networking, the time wasted by downloading unsolicited e-mail can seriously impact productivity.
7. Filtering by wireless devices. A growing number of portable, wireless devices can receive e-mail. The service providers generally sell wireless connectivity by the hour or by the megabyte. When an e-mail address associated with one of these devices is compromised, unsolicited e-mails become a problem because the recipient must typically download the unsolicited e-mail on a slow and expensive connection. Even if an unsolicited e-mail is identified as such, that e-mail message typically has to be downloaded.
8. Filtering by performing a designated function. Some e-mail systems, for example, Qualcomm's® (Registered Trademark of Qualcomm Incorporated) Eudora® (Registered Trademark of Qualcomm Incorporated) Pro, allow the end user to set filters that can be set to scan incoming e-mail and then perform a designated function with that e-mail. Such programs have been set up to scan for messages that do not contain a user's personal e-mail address and to filter such messages into a “hold for review” mailbox. By transferring messages that are not personally addressed, the system can be programmed to attempt to filter out unsolicited e-mails.
9. Filtering through identification data. Another approach to filtering unsolicited e-mail is creation of an inclusion list by the user to include identification data for identifying e-mail desired by the user. Data from one or more fields of incoming e-mail are compared with the identification data stored in the inclusion list. If no match is detected, the system performs at least one heuristic process to determine whether the e-mail may be of interest to the user. If the e-mail message does not satisfy any heuristic criteria, the message may be marked with a display code, such as “junk.”
10. Filtering by digital signatures. Yet another approach to the problem of filtering unsolicited e-mail is provided by products that attach digital signatures to outgoing mail and then monitor incoming mail looking for valid signatures. One such product is available commercially as AuthentiMail™, from Omnipoint Technologies, Inc. This system uses an intermediary server between the external Internet and an internal mail server. Before e-mail is delivered to the Internet, a signature is attached to the message to protect the user's e-mail address. If a third party server tries to forward the message or compile the sender's name in a mailing list, the signature is invalidated to prevent spamming. This technique uses elaborate schemes and algorithms for creation and use of digital signatures.
11. Filtering through use of disposable e-mail addresses. In some systems which use disposable e-mail addresses, each e-mail user maintains a pool of disposable e-mail addresses, all going to the same mailbox. The user requests a disposable address from the mail server via a software tool. Each disposable e-mail address is given to a small number of entities, and ideally only to one. When an e-mail address starts receiving unsolicited e-mails, the recipient can revoke it. This address will then be considered compromised. If the address has been given to a single entity, this entity will then be considered as a source of unsolicited e-mails, and corporate policies for dealing with such entities can be activated. If the address has been given to more than one entity, each entity can be informed automatically that the recipient's address is changing to a new one. Then each entity is given a separate address. The system stores information which associates the disposable addresses which have been used with the senders who used the disposable addresses.
Some e-mail systems provide on-the-fly disposable e-mail addresses. For a pre-registered disposable e-mail address, a user manually creates and registers a new disposable e-mail address with the mail server before that e-mail address is used. This is not convenient.
In an on-the-fly disposable e-mail address, a user, such as a sender or a system administrator, manually creates a new disposable e-mail address on-the-fly which is unique for each sender. In an on-the-fly disposable e-mail address system, each user has a set of e-mail addresses which are all forwarded to the same mailbox. Like every Internet e-mail address, an on-the-fly disposable e-mail address is made of two parts, a mailbox identifier (id) and the host name, written as: mailboxID@hostname. The hostname is a Fully Qualified Domain Name, for example, mail.ibm.com, of the mail server. In an on-the-fly e-mail address, the mailbox id is composed of several parts: a unique username, which identifies the user owning the mailbox; the sendername, which identifies the sender to which the on-the-fly disposable address was given; and a passcode. Ideally, the user uses a different passcode for each recipient. However, some e-mail users would find this inconvenient.
All e-mail systems, including on-the-fly disposable e-mail address systems, are susceptible to and must be protected against dictionary attacks. In a dictionary attack, a mass-mailer targets a mail server and uses a computer program to generate millions of username by combining common first and last names, and possibly initials and numerical suffixes. The mass-mailer hopes that a certain proportion of the random combinations will match existing username. Hence, in an on-the-fly e-mail system the passcode deters dictionary attacks. Typically, elaborate and complex algorithms are required to create and validate good passcodes. In addition, users are burdened with tracking and management of their disposable, secondary e-mail addresses.
While the above-described filtering techniques attempt to minimize the harmful effects of unsolicited mass e-mails, they use complex and costly software and/or servers that can be difficult to set up and maintain. Furthermore, existing filtering systems download the e-mails for processing. Many corporate filtering systems are typically server based, but they merely identify unsolicited mass e-mail messages and tag them as such. Therefore, the unsolicited e-mails clog the mailbox and network connection of the recipient. Another significant risk with the filtering techniques is that valid and valuable e-mails of interest may be discarded. If the filtered e-mails are held for further review and if the user is required to review the filtered e-mails to preclude this problem, then most of the advantages from filtering are lost. The time required to review tagged unsolicited e-mails is comparable to the disruption caused by unsolicited e-mails arriving at the user's regular mailbox. Accordingly, there remains a need for a simple, yet effective way of restricting and reducing unsolicited e-mails.